An authentication filter that redirects the user to the login page when they are trying to access
a protected resource. However, if the user is trying to access the login page, the filter lets
the request pass through to the application code.

The difference between this filter and the FormAuthenticationFilter is that
on a login submission (by default an HTTP POST to the login URL), the FormAuthenticationFilter filter
attempts to automatically authenticate the user by passing the username and password
request parameter values to
Subject.login(usernamePasswordToken)
directly.

Conversely, this controller always passes all requests to the loginUrl through, both GETs and
POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a
call to Subject.login(AuthenticationToken)
at some point. For example, if the developer has their own custom MVC login controller or validator,
this PassThruAuthenticationFilter may be appropriate.